Bird_banner_small4
Worm.MSIL.Rawanobot.A
TSL ID TSL20180208-05
Severity High
Description

Worm.MSIL.Rawanobot.A is a Bot agent that targets the Windows platform. This malware contacts a remote server and receives commands to perform nefarious activities on the infected machine. This malware spreads by copying itself to all the binary executables in the top level directories of all the logical drives except the system drive. It keeps the original names of the file while copying itself. The supported commands would allow to launch a UDP flood attack against the provided target, download/execute a file, and more. Furthermore, it creates a Run key Registry entry to survive system reboots.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 239477FA736419F006E7D6F791919D49
SHA1:
  • 97DFD9BBBC938601D3C220CCA18465B9AE59CA81
Identifiers
Kaspersky
  • TROJAN-RANSOM.WIN32.BLOCKER.KQZM
McAfee
  • ARTEMIS!239477FA7364
TrendMicro
AegisLab
  • TROJ.RANSOM.W32.BLOCKER!C
Arcabit
  • TROJAN.GENERIC.D1CEA007
Avira
  • TR/DOWNLOADER.IELRK
BitDefender
  • TROJAN.GENERICKD.30318599
ESET-NOD32
  • MSIL/AGENT.BII
Fortinet
  • MSIL/AGENT.BII!TR
References http://www.virusradar.com/en/MSIL_Agent.BII/description
Related Threats